You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2019/11/27 16:56:48 UTC
svn commit: r1053376 - in /websites/production/cxf/content:
cache/main.pageCache fediz-history.html fediz.html
Author: buildbot
Date: Wed Nov 27 16:56:48 2019
New Revision: 1053376
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/fediz-history.html
websites/production/cxf/content/fediz.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/fediz-history.html
==============================================================================
--- websites/production/cxf/content/fediz-history.html (original)
+++ websites/production/cxf/content/fediz-history.html Wed Nov 27 16:56:48 2019
@@ -99,7 +99,7 @@ Apache CXF -- Fediz History
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><p><strong><strong><strong><strong>October 8, 2018 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>5 released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.5 is released.  New features include supporting custom claims handling (transformation) in the plugins and SAML SSO support in the Jetty and Spring security plugins. See the <a shape="rect" href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Downloads">download</a> page for more information.</p><p><strong><strong><strong><strong>June 29, 2018 - <strong><strong>Apache CXF Fediz 1.4.4</strong></strong> released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.4 has been released. A new security advisory has been released for an issue that was fixed in this release:</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc">CVE-2018-8038</a>: Apache CXF Fediz is vulnerable to DTD based XML attacks.</li></ul><p
>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12342255">1.4.4</a>.</p><p><strong><strong><strong><strong>November 30, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>3 and 1.3.3 released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.3 and 1.3.3 have been released. A new security advisory has been released for an issue that was fixed in these releases:</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc">CVE-2017-12631</a>: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.</li></ul><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341612">1.4.3</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340453">1.3.3
</a>.</p><p><strong><strong>September 15, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>2 released</strong></strong></p><p>Apache CXF Fediz 1.4.2 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341303">1.4.2</a>.</p><p><strong><strong>August 18, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>1 released</strong></strong></p><p>Apache CXF Fediz 1.4.1 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340452">1.4.1</a>.</p><p><strong><strong>May 16, 2017 - Two new security advisories for Apache CXF Fediz are released</strong></strong></p><p>Two new security advisories have been released for issues that are fixed in the latest releases (1.4.0, 1.3.2 and 1.2.4):</p><ul><li><a shape="rect" href="http://cxf.apache.org/
security-advisories.data/CVE-2017-7661.txt.asc?version=1&modificationDate=1494949364764&api=v2">CVE-2017-7661</a>: The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks.</li><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc?version=1&modificationDate=1494949377300&api=v2">CVE-2017-7662</a>: The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks</li></ul><p><strong><strong>April 28, 2017 - Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338680">1.4.0</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338091">1.3.2</a> <a shape="rect" class
="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338219">1.2.4</a>.</p><p><strong><strong><strong>September 8, 2016</strong></strong> - A new security advisory for Apache CXF Fediz is released</strong></p><p>A security issue was fixed in the latest Fediz releases (1.3.1 + 1.2.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc?version=1&modificationDate=1473350153000&api=v2">CVE-2016-4464</a>: Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against the list of configured audience URIs</li></ul><p>Please upgrade to the latest releases as soon as possible.</p><p><strong><strong>September 8, 2016 - Apache CXF Fediz 1.3.1 and 1.2.3 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.1 and 1.2.3 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/
jira/secure/ReleaseNote.jspa?projectId=12313420&version=12335480">1.3.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12334883">1.2.3</a></p><p><strong><strong>March 30, 2016 - Apache CXF Fediz 1.3.0 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.0 has been released. It contains an update to use CXF 3.1.6, a new OpenId Connect based IdP (<a shape="rect" href="https://cwiki.apache.org/confluence/display/CXF/Fediz+OIDC">Fediz OIDC</a>), support for bridging between the WS-Federation and OpenId Connect protocols, and support for SAML SSO in the Fediz IdP.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12329721">1.3.0</a></p><p><strong><strong>February 16, 2016 - Apache CXF Fediz 1.2.2 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.2.2 has been rele
ased. It contains an update to use CXF 3.0.8, some updates to the Websphere plugin, a fix for some issues relating to caching SAML tokens, and various other bug fixes.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12333156">1.2.2</a></p><p><strong>August 28, 2015 - A new security advisory for Apache CXF Fediz is released</strong></p><p>A security issue was fixed in the latest Fediz releases (1.2.1 + 1.1.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2015-5175.txt.asc?version=1&modificationDate=1440598018000&api=v2">CVE-2015-5175</a>: Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks</li></ul><p><strong>August 12, 2015 - Apache CXF Fediz 1.2.1 and 1.1.3 released!</strong></p><p>Apache CXF Fediz 1.2.1 has been released. It contains an update to use Apache CXF 3.0.6, an update to use 2048 bit certi
ficates to fix some issues with running the examples, support for SAML SSO Metadata in the IdP, as well as some other issues.</p><p>Apache CXF Fediz 1.1.3 has also been released. It contains an update to use Apache CXF 2.7.17, a fix for a NPE when ChainTrust is configured + no Subject is provided, and a dynamic STS realm parser.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12332051">1.2.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12328874">1.1.3</a></p><p><strong>April 28, 2015 - Apache CXF Fediz 1.2.0 released!</strong></p><p>Apache CXF Fediz 1.2.0 has been released. It contains an update to use Apache CXF 3.0.4 as well as a host of new features (see below).</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=1
2313420&version=12326043">1.2.0</a></p><p><strong>October 21, 2014 - Apache CXF Fediz 1.1.2 released!</strong></p><p>Apache CXF Fediz 1.1.2 has been released. It features an update to CXF 2.7.13, as well as support for an easy to use claim mapping support in the STS, kerberos authentication support in the IdP, as well as some minor bug fixes.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12327120">1.1.2</a></p><p><strong>June 16, 2014 - Apache CXF Fediz 1.1.1 and 1.0.4 released!</strong></p><p>Apache CXF Fediz 1.1.1 and 1.0.4 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12325565">1.1.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.0.4</a></p><p><strong>N
ovember 9, 2013 - Apache CXF Fediz 1.1.0 released!</strong></p><p>Apache CXF Fediz 1.1.0 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.1.0</a></p><p><strong>February 22, 2013 - Apache CXF Fediz 1.0.3 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323485">1.0.3</a></p><p><strong>November 7, 2012 - Apache CXF Fediz 1.0.2 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323287">1.0.2</a></p><p><strong>August 28, 2012 - Apache CXF Fediz 1.0.1 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=123
21857">1.0.1</a></p><p><strong>June 23, 2012 - Apache CXF Fediz 1.0.0 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321243">1.0.0</a></p></div>
+<div id="ConfluenceContent"><p><strong>November 27 - Apache CXF Fediz 1.4.6 released</strong></p><p>Apache CXF Fediz 1.4.6 is released. See the <a shape="rect" href="fediz-downloads.html">download</a> page for more information.</p><p><strong><strong><strong><strong>October 8, 2018 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>5 released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.5 is released.  New features include supporting custom claims handling (transformation) in the plugins and SAML SSO support in the Jetty and Spring security plugins. See the <a shape="rect" href="https://cwiki.apache.org/confluence/display/CXF/Fediz+Downloads">download</a> page for more information.</p><p><strong><strong><strong><strong>June 29, 2018 - <strong><strong>Apache CXF Fediz 1.4.4</strong></strong> released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.4 has been released. A new security advisory has been released for an issue that was fixed in t
his release:</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc">CVE-2018-8038</a>: Apache CXF Fediz is vulnerable to DTD based XML attacks.</li></ul><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12342255">1.4.4</a>.</p><p><strong><strong><strong><strong>November 30, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>3 and 1.3.3 released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.3 and 1.3.3 have been released. A new security advisory has been released for an issue that was fixed in these releases:</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-12631.txt.asc">CVE-2017-12631</a>: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.</li></ul><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNot
e.jspa?projectId=12313420&version=12341612">1.4.3</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340453">1.3.3</a>.</p><p><strong><strong>September 15, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>2 released</strong></strong></p><p>Apache CXF Fediz 1.4.2 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12341303">1.4.2</a>.</p><p><strong><strong>August 18, 2017 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>1 released</strong></strong></p><p>Apache CXF Fediz 1.4.1 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12340452">1.4.1</a>.</p><p><strong><strong>May 16, 2017 - Two new security advisories for Apache CXF Fediz are release
d</strong></strong></p><p>Two new security advisories have been released for issues that are fixed in the latest releases (1.4.0, 1.3.2 and 1.2.4):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7661.txt.asc?version=1&modificationDate=1494949364764&api=v2">CVE-2017-7661</a>: The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks.</li><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc?version=1&modificationDate=1494949377300&api=v2">CVE-2017-7662</a>: The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks</li></ul><p><strong><strong>April 28, 2017 - Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.4.0, 1.3.2 and 1.2.4 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&
amp;version=12338680">1.4.0</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338091">1.3.2</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12338219">1.2.4</a>.</p><p><strong><strong><strong>September 8, 2016</strong></strong> - A new security advisory for Apache CXF Fediz is released</strong></p><p>A security issue was fixed in the latest Fediz releases (1.3.1 + 1.2.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc?version=1&modificationDate=1473350153000&api=v2">CVE-2016-4464</a>: Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against the list of configured audience URIs</li></ul><p>Please upgrade to the latest releases as soon as possible.</p><p><strong><strong>September 8, 2016 - Apache CXF Fediz 1.3.1 a
nd 1.2.3 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.1 and 1.2.3 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12335480">1.3.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12334883">1.2.3</a></p><p><strong><strong>March 30, 2016 - Apache CXF Fediz 1.3.0 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.3.0 has been released. It contains an update to use CXF 3.1.6, a new OpenId Connect based IdP (<a shape="rect" href="https://cwiki.apache.org/confluence/display/CXF/Fediz+OIDC">Fediz OIDC</a>), support for bridging between the WS-Federation and OpenId Connect protocols, and support for SAML SSO in the Fediz IdP.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa
?projectId=12313420&version=12329721">1.3.0</a></p><p><strong><strong>February 16, 2016 - Apache CXF Fediz 1.2.2 released<br clear="none"></strong></strong></p><p>Apache CXF Fediz 1.2.2 has been released. It contains an update to use CXF 3.0.8, some updates to the Websphere plugin, a fix for some issues relating to caching SAML tokens, and various other bug fixes.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12333156">1.2.2</a></p><p><strong>August 28, 2015 - A new security advisory for Apache CXF Fediz is released</strong></p><p>A security issue was fixed in the latest Fediz releases (1.2.1 + 1.1.3):</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2015-5175.txt.asc?version=1&modificationDate=1440598018000&api=v2">CVE-2015-5175</a>: Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks</li></ul><p><
strong>August 12, 2015 - Apache CXF Fediz 1.2.1 and 1.1.3 released!</strong></p><p>Apache CXF Fediz 1.2.1 has been released. It contains an update to use Apache CXF 3.0.6, an update to use 2048 bit certificates to fix some issues with running the examples, support for SAML SSO Metadata in the IdP, as well as some other issues.</p><p>Apache CXF Fediz 1.1.3 has also been released. It contains an update to use Apache CXF 2.7.17, a fix for a NPE when ChainTrust is configured + no Subject is provided, and a dynamic STS realm parser.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12332051">1.2.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12328874">1.1.3</a></p><p><strong>April 28, 2015 - Apache CXF Fediz 1.2.0 released!</strong></p><p>Apache CXF Fediz 1.2.0 has been released. It contains an update
to use Apache CXF 3.0.4 as well as a host of new features (see below).</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12326043">1.2.0</a></p><p><strong>October 21, 2014 - Apache CXF Fediz 1.1.2 released!</strong></p><p>Apache CXF Fediz 1.1.2 has been released. It features an update to CXF 2.7.13, as well as support for an easy to use claim mapping support in the STS, kerberos authentication support in the IdP, as well as some minor bug fixes.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12327120">1.1.2</a></p><p><strong>June 16, 2014 - Apache CXF Fediz 1.1.1 and 1.0.4 released!</strong></p><p>Apache CXF Fediz 1.1.1 and 1.0.4 have been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=123
13420&version=12325565">1.1.1</a> <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.0.4</a></p><p><strong>November 9, 2013 - Apache CXF Fediz 1.1.0 released!</strong></p><p>Apache CXF Fediz 1.1.0 has been released.</p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12324084">1.1.0</a></p><p><strong>February 22, 2013 - Apache CXF Fediz 1.0.3 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323485">1.0.3</a></p><p><strong>November 7, 2012 - Apache CXF Fediz 1.0.2 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12323287">1.0.2</a></p><p><strong>August 28,
2012 - Apache CXF Fediz 1.0.1 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321857">1.0.1</a></p><p><strong>June 23, 2012 - Apache CXF Fediz 1.0.0 released</strong></p><p>Release notes: <a shape="rect" class="external-link" href="https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12313420&version=12321243">1.0.0</a></p></div>
</div>
<!-- Content -->
</td>
Modified: websites/production/cxf/content/fediz.html
==============================================================================
--- websites/production/cxf/content/fediz.html (original)
+++ websites/production/cxf/content/fediz.html Wed Nov 27 16:56:48 2019
@@ -99,7 +99,7 @@ Apache CXF -- Fediz
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. Apache CXF Fediz supports both <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002" rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a shape="rect" class="external-link" href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf" rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_
identity" rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2 id="Fediz-News">News</h2><p><strong><strong><strong><strong>October 8, 2018 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>5 released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.5 is released.  New features include supporting custom claims handling (transformation) in the plugins and SAML SSO support in the Jetty and Spring security plugins. See the <a shape="rect" href="fediz-downloads.html">download</a> page for more information.</p><p><strong><strong><strong><strong>June 29, 2018 - <strong><strong>Apache CXF Fediz 1.4.4</strong></strong> released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.4 has been released. A new security advisory has been released for an issue that was fixed in this release:</p><ul><li><a shape="rect" href="http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc">CVE-2018-8038</a>: Apache CX
F Fediz is vulnerable to DTD based XML attacks</li></ul><h2 id="Fediz-Download">Download</h2><p>See <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2 id="Fediz-ProjectSource">Project Source</h2><p>The Apache CXF Fediz sources are hosted at <a shape="rect" class="external-link" href="https://gitbox.apache.org/">Apache gitbox</a>. This includes a full two way sync with github. As github provides the nicer user interface we now recommend to directly work on the github cxf repo.</p><ul><li>Web Browsing: <a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz" rel="nofollow">https://github.com/apache/cxf-fediz</a></li><li>Checking out from GIT: git clone git@github.com:apache/cxf-fediz.git</li></ul><p>CXF committers can directly commit to github after doing the <a shape="rect" class="external-link" href="https://gitbox.apache.org/setup/">Apache gitbox setup</a>. Be aware that the sync might take half an hour before you are added to the CX
F github group.</p><ul><li>Forking and Pull Requests: See <a shape="rect" href="getting-involved.html">Getting Involved</a></li><li>Building the Source: Follow the <a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz/blob/master/BUILDING.txt" rel="nofollow">BUILDING.txt</a> file in the Fediz download for full build instructions.</li><li>Eclipse: See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this page</a> for information on using the Eclipse IDE with the Fediz source code. This page is created for CXF but the same commands are applicable for Fediz too.</li></ul><h2 id="Fediz-ApacheCXFFedizuserguide">Apache CXF Fediz user guide</h2><ul><li><a shape="rect" href="fediz-introduction.html">Introduction</a></li><li><a shape="rect" href="fediz-architecture.html">Fediz Architecture</a></li><li>Relying Party Containers<br clear="none"><ul><li><a shape="rect" href="fediz-configuration.html">Fediz Configuration</a></li><li><a shape="rec
t" href="fediz-extensions.html">Fediz Extensions</a></li><li><a shape="rect" href="fediz-tomcat.html">Apache Tomcat</a></li><li><a shape="rect" href="fediz-jetty.html">Jetty<br clear="none"></a></li><li><a shape="rect" href="fediz-spring.html">Spring Security<br clear="none"></a></li><li><a shape="rect" href="fediz-websphere.html">Websphere<br clear="none"></a></li><li><a shape="rect" href="fediz-cxf.html">Apache CXF<br clear="none"></a></li></ul></li><li><a shape="rect" href="fediz-idp-11.html">Fediz IdP</a></li><li><a shape="rect" href="fediz-idp-10.html">Fediz IdP 1.0</a> (deprecated)</li><li><a shape="rect" href="fediz-metadata.html">Fediz Metadata</a></li><li><a shape="rect" href="fediz-samples.html">Fediz Samples</a></li><li><a shape="rect" href="fediz-articles.html">Fediz Articles</a></li><li><a shape="rect" href="fediz-history.html">Fediz History</a></li></ul><p><br clear="none"></p></div>
+<div id="ConfluenceContent"><h1 id="Fediz-ApacheCXFFediz:AnOpen-SourceWebSecurityFramework">Apache CXF Fediz: An Open-Source Web Security Framework</h1><h2 id="Fediz-Overview">Overview</h2><p>Apache CXF Fediz is a subproject of CXF. Fediz helps you to secure your web applications and delegates security enforcement to the underlying application server. With Fediz, authentication is externalized from your web application to an identity provider installed as a dedicated server component. Apache CXF Fediz supports both <a shape="rect" class="external-link" href="http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html#_Toc223175002" rel="nofollow">WS-Federation Passive Requestor Profile</a> and the <a shape="rect" class="external-link" href="https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf" rel="nofollow">SAML Web Browser SSO Profile</a>. Fediz supports <a shape="rect" class="external-link" href="http://en.wikipedia.org/wiki/Claims-based_
identity" rel="nofollow">Claims Based Access Control</a> beyond Role Based Access Control (RBAC).</p><h2 id="Fediz-News">News</h2><p><strong><strong><strong><strong>November 27 - Apache CXF Fediz 1.4.6 released</strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.6 is released. See the <a shape="rect" href="fediz-downloads.html">download</a> page for more information.</p><p><strong><strong><strong><strong><strong>October 8, 2018 - <strong><strong>Apache CXF Fediz 1.4.</strong></strong>5 released</strong></strong></strong></strong></strong></p><p>Apache CXF Fediz 1.4.5 is released.  New features include supporting custom claims handling (transformation) in the plugins and SAML SSO support in the Jetty and Spring security plugins. See the <a shape="rect" href="fediz-downloads.html">download</a> page for more information.</p><h2 id="Fediz-Download">Download</h2><p>See <a shape="rect" href="fediz-downloads.html">here</a>.</p><h2 id="Fediz-ProjectSource">Project Source</h2
><p>The Apache CXF Fediz sources are hosted at <a shape="rect" class="external-link" href="https://gitbox.apache.org/">Apache gitbox</a>. This includes a full two way sync with github. As github provides the nicer user interface we now recommend to directly work on the github cxf repo.</p><ul><li>Web Browsing: <a shape="rect" class="external-link" href="https://github.com/apache/cxf-fediz" rel="nofollow">https://github.com/apache/cxf-fediz</a></li><li>Checking out from GIT: git clone git@github.com:apache/cxf-fediz.git</li></ul><p>CXF committers can directly commit to github after doing the <a shape="rect" class="external-link" href="https://gitbox.apache.org/setup/">Apache gitbox setup</a>. Be aware that the sync might take half an hour before you are added to the CXF github group.</p><ul><li>Forking and Pull Requests: See <a shape="rect" href="getting-involved.html">Getting Involved</a></li><li>Building the Source: Follow the <a shape="rect" class="external-lin
k" href="https://github.com/apache/cxf-fediz/blob/master/BUILDING.txt" rel="nofollow">BUILDING.txt</a> file in the Fediz download for full build instructions.</li><li>Eclipse: See <a shape="rect" href="http://cxf.apache.org/setting-up-eclipse.html">this page</a> for information on using the Eclipse IDE with the Fediz source code. This page is created for CXF but the same commands are applicable for Fediz too.</li></ul><h2 id="Fediz-ApacheCXFFedizuserguide">Apache CXF Fediz user guide</h2><ul><li><a shape="rect" href="fediz-introduction.html">Introduction</a></li><li><a shape="rect" href="fediz-architecture.html">Fediz Architecture</a></li><li>Relying Party Containers<br clear="none"><ul><li><a shape="rect" href="fediz-configuration.html">Fediz Configuration</a></li><li><a shape="rect" href="fediz-extensions.html">Fediz Extensions</a></li><li><a shape="rect" href="fediz-tomcat.html">Apache Tomcat</a></li><li><a shape="rect" href="fediz-jetty.html">Jetty<br clear="none"></a></li><li><
a shape="rect" href="fediz-spring.html">Spring Security<br clear="none"></a></li><li><a shape="rect" href="fediz-websphere.html">Websphere<br clear="none"></a></li><li><a shape="rect" href="fediz-cxf.html">Apache CXF<br clear="none"></a></li></ul></li><li><a shape="rect" href="fediz-idp-11.html">Fediz IdP</a></li><li><a shape="rect" href="fediz-idp-10.html">Fediz IdP 1.0</a> (deprecated)</li><li><a shape="rect" href="fediz-metadata.html">Fediz Metadata</a></li><li><a shape="rect" href="fediz-samples.html">Fediz Samples</a></li><li><a shape="rect" href="fediz-articles.html">Fediz Articles</a></li><li><a shape="rect" href="fediz-history.html">Fediz History</a></li></ul><p><br clear="none"></p></div>
</div>
<!-- Content -->
</td>